SSL/TLS Strong Encryption: How-To

https://httpd.apache.org/docs/trunk/ssl/ssl_howto.html

# “Modern” configuration, defined by the Mozilla Foundation’s SSL Configuration
# Generator as of August 2016. This tool is available at
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
# Many ciphers defined here require a modern version (1.0.1+) of OpenSSL. Some
# require OpenSSL 1.1.0, which as of this writing was in pre-release.
SSLCipherSuite […]

OWASP stuff

https://code.google.com/p/webgoat/
http://chousensha.github.io/blog/2014/08/08/pentest-lab-damn-vulnerable-web-application/

Updating servers cuz of glibc vulnerability

Ghost is a vulnerability in glibc that attackers can use against only a handful of applications right now to remotely run executable code and gain control of a Linux server. The vulnerability is a heap-based buffer overflow and affects all Linux systems, according to experts, and has been present in the glibc code since 2000. […]

SSL Broken Again – Google’s POODLE Affects Oodles

Another challenge for internet security

97% of SSL web servers are likely to be vulnerable to POODLE, a vulnerability that can be exploited in version 3 of the SSL protocol. POODLE, in common with BEAST, allows a man-in-the-middle attacker to extract secrets from SSL sessions by forcing the victim’s browser into making many thousands of […]